Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6982-1

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

Packet Storm
#vulnerability#ubuntu#dos#perl
==========================================================================Ubuntu Security Notice USN-6982-1September 02, 2024dovecot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in Dovecot.Software Description:- dovecot: IMAP and POP3 email serverDetails:It was discovered that Dovecot did not not properly have restrictions onithe size of address headers. A remote attacker could possibly use thisissue to cause denial of service. (CVE-2024-23184, CVE-2024-23185)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  dovecot-core                    1:2.3.21+dfsg1-2ubuntu6In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6982-1  CVE-2024-23184, CVE-2024-23185Package Information:  https://launchpad.net/ubuntu/+source/dovecot/1:2.3.21+dfsg1-2ubuntu6

Related news

Ubuntu Security Notice USN-7013-1

Ubuntu Security Notice 7013-1 - It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service.

Red Hat Security Advisory 2024-6529-03

Red Hat Security Advisory 2024-6529-03 - An update for dovecot is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and resource exhaustion vulnerabilities.

Debian Security Advisory 5752-1

Debian Linux Security Advisory 5752-1 - Two vulnerabilities have been discovered in the IMAP implementation of large headers can result in high CPU usage, leading to denial of service.

Debian Security Advisory 5752-1

Debian Linux Security Advisory 5752-1 - Two vulnerabilities have been discovered in the IMAP implementation of large headers can result in high CPU usage, leading to denial of service.

Dovecot IMAP Server 2.2 / 2.3 Denial Of Service

Dovecot IMAP server versions 2.2 and 2.3 suffer from denial of service and resource exhaustion vulnerabilities.

Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting

Dovecot IMAP server versions 2.2 and 2.3 have an issue where a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution